author | Linus Torvalds <torvalds@linux-foundation.org> | 2024-08-14 09:23:20 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2024-08-14 09:23:20 -0700 |
commit | 9d5906799f7d89c9e12f6d2e0fccb00713c945ab (patch) | |
tree | 7d8dc91dd85e0b888620d0425ad8e679ceda3431 /include | |
parent | 4ac0f08f44b62e59a389c7ed87c89087d9fefe29 (diff) | |
parent | 05a3d6e9307250a5911d75308e4363466794ab21 (diff) |
Merge tag 'selinux-pr-20240814' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux

Pull selinux fixes from Paul Moore:

- Fix a xperms counting problem where we were adding to the xperms count
  even if we failed to add the xperm.

- Propagate errors from avc_add_xperms_decision() back to the caller so
  that we can trigger the proper cleanup and error handling.

- Revert our use of vma_is_initial_heap() in favor of our older logic
  as vma_is_initial_heap() doesn't correctly handle the no-heap case
  and it is causing issues with the SELinux process/execheap access
  control. While the older SELinux logic may not be perfect, it
  restores the expected user visible behavior.

  Hopefully we will be able to resolve the problem with the
  vma_is_initial_heap() macro with the mm folks, but we need to fix
  this in the meantime.

* tag 'selinux-pr-20240814' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  - selinux: revert our use of vma_is_initial_heap()
  - selinux: add the processing of the failure of avc_add_xperms_decision()
  - selinux: fix potential counting error in avc_add_xperms_decision()

Diffstat (limited to 'include')
0 files changed, 0 insertions, 0 deletions